Classify geographical traffic with BGP

burakdinci · ‎04-14-2009

Hello ,

I have got one internet router running BGP , and this router has got connections with two different ISPs. One of the ISP is local for my country and the other ISP's location is outside of my country. I want to classify geographical traffic with BGP. For example , local traffic to my country will go through ISP-1 (local ISP) , outside traffic to my country will go through ISP-2 (outside of my country ISP). What i have to do to achieve that kind of configuration ? If i have to use AS path filter , how can i find the local ISP AS path numbers and how can i configure AS path filter for this request ? Kind Regards...

Burak Dikici

Giuseppe Larosa · ‎04-14-2009

Hello Burak,

your understanding is correct: BGP has no knowledge of geography.

About building AS path filters:

to find out the ASes of important organizations in your country you can use the following procedure:

(approximated by server hosting services)

build a list of web sites in your country

use a DNS lookup to find associated ip addresses.

Use a site like

www.traceroute.org

to locate a looking glass nearby you.

Use the sh ip bgp feature of the looking glass and note the righmost AS in AS path.

Eventually verify last AS using whois database of your regional internet registry:

ARIN for Americas

RIPE for europe

APNIC for Asia

when you search an AS write

ASxxxx in the search box

the right point of view if available can be the looking glass of your national ISP.

At the end of the process you have a list of AS paths that are via the national ISP and that connect to your country important sites

(note for you the national ISP AS number is prepended to you it is the AS you have set in neigh ... remote-as command).

At the end you can build an AS path access-list and you can provide better local preference (higher) or a weight to those routes using a route-map

ip as-path access-list 1 permit

route-map prefer-national-routes permit 10

match as-path 1

set local-prefence 200

set weight 500

route-map prefer-national-routes permit 20

! empty block here to accept unchanged all other routes

router bgp xx

neigh national-isp-ip.addr route-map prefer-national-routes in

Other more simple criteria are possible using BGP communities contact your national ISP to see what they offer/propose.

Hope to help

Giuseppe

burakdinci · ‎04-14-2009

Hello Giuseppe ,

Is that enough using the as-path filter just for the national ISP or should i use it for international ISP also ?

Regrads.

Burak

burakdinci · ‎04-14-2009

Hello Giuseppe ,

I have got another question about this subject. If i use AS-path filter for both ISP connections , what will happen to redundancy ? I mean , for example i filter national AS numbers at the international ISP connection and deny them. Secondly , i filter national AS numbers at the national ISP connection , permit them and the other AS numbers will be denied. In this situation , what will happen if the local ISP connection goes down ? Because of filtering of the national AS numbers at the international ISP connection , the BGP table doesn't take any updates from the local AS numbers. I hope , i could explain the situation correctly. Regards...

Burak Dikici

Giuseppe Larosa · ‎04-14-2009

Hello Burak,

>> If i use AS-path filter for both ISP connections , what will happen to redundancy ?

the idea is to use AS path based filters not to filter but to give preference (using local-preference or weight if this is the only eBGP router) to some specific routes received by the national ISP.

if you follow down my first lengthy post I suggest to use a route-map to increase local-preference or weight.

For example you can prefer international ISP for all destinations with loc-pref 150 or using weight 200.

Then for those routes identified as national the route-map provide a way to override that preference so that the routes received from the national ISP (only for those routes identified as national) are preferred. This can be achieved or using local preference 200 (>150) or weight 500 (> 200).

In this way you don't miss redundancy but in normal scenario makes traffic to go out international ISP for non national routes and to use the national ISP for national destinations

Hope to help

Giuseppe

burakdinci · ‎04-14-2009

Thanks Giuseppe , i will try your recommendations. Kind Regards.

Burak Dikici

burakdinci · ‎04-14-2009

By the way i wonder , how can it be done symmetrical traffic flow in this scenario ? Local traffic goes from local ISP and the return traffic comes back through local ISP. Outside of the country traffic goes from international IPS and the return traffic comes back through internaional ISP. I don't want to cause any asymmetrical traffic flow between different ISPs and my site.

Giuseppe Larosa · ‎04-15-2009

Hello Burak,

the capacity to influence how traffic comes back to you is limited in BGP.

You could only use AS path prepending in a scenario with a primary ISP / secondary ISP and still you would see some traffic coming back on the secondary ISP link.

Be prepared for some amount of asymmetric paths.

However, they are not a real issue unless there is a firewall on the path.

If your firewalls are more internal this is not a problem.

You could try to send more specific routes to your national ISP adding to them a BGP community that is used to mark national routes.

If the more specific routes are propagated by national ISP in the international internet most of international traffic would come back via it (the national ISP).

Hope to help

Giuseppe